LIS 525 - Firewalls

A firewall isolates a computer from the Internet using code that inspects each individual packet of data, inbound or outbound, to determine whether it should be allowed to pass.

Many products call themselves firewalls but in fact are not. Also, many firewall products are limited in their capabilities; for example, corporate firewalls tend to be concerned with attacks from outside, but not with viruses, Trojans, or adware that may be run on computers within the firewall, access servers elsewhere on the Internet, and transmit private information.

Microsoft Windows XP includes a built-in Internet Connection Firewall. When enabled, the Internet Connection Firewall blocks all unsolicited connections originating from the Internet outside a protected network and prevents the scanning of ports and resources.

Seeing Whether a Firewall Is Needed or How Well an Existing Firewall Is Working

Gibson Research provides a free Web-based service (ShieldsUp) which tests Internet connections and probes common ports of a single computer to look for vulnerabilities.

When ShieldsUp is used to probe common ports on a (faculty) computer on the FIMS LAN, it returns the following information:

"Your Internet port 139 does not appear to exist!" ("FULL STEALTH MODE") ("that's very cool")
"Unable to connect with NetBIOS to your computer." "All attempts to get any information from your computer have FAILED." (Very uncommon and very secure.)

When commonly used ports are probed, the following results are reported:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.

Port	Service	Status
0	<nil>	Stealth
21	FTP	Stealth
22	SSH	Stealth
23	Telnet	Stealth
25	SMTP	Stealth
79	Finger	Stealth
80	HTTP	Stealth
110	POP3	Stealth
113	IDENT	Stealth
119	NNTP	Stealth
135	RPC (Remote Procedure Call)	Stealth
139	Net BIOS	Stealth
143	IMAP	Stealth
389	LDAP	Stealth
443	HTTPS	Stealth
445	MSFT DS	Stealth
1002	ms-ils	Stealth
1024	DCOM	Stealth
1025-1030	Host	Stealth
1720	H.323	Stealth
5000	UPnP	Stealth

"Stealth" means that there is no evidence that the port exists at the given IP address; if all ports have status "stealth", the computer cannot be detected. "Closed" would mean that the port exists but is currently closed to connections. "Open" should only be true for ports through which the computer is supposed to be actively offering Internet services (that is, acting as a server). Since the computer is not currently supposed to be acting as a server, the settings appear appropriate.

For More Information

Check Point Software Technologies. 2007. ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.. http://www.zonelabs.com/store/application. (ZoneAlarm Pro firewall software, US$39.95.)
Gibson Research Corporation. 2007. GRC | Gibson Research Corporation Home Page. http://grc.com/default.htm. (Various security related tools and links to articles. The ShieldsUp service allows you to test for holes through which others can access your computer over the Internet.)
Howstuffworks. 2007. Howstuffworks "How Firewalls Work". http://www.howstuffworks.com/firewall.htm.
Microsoft. 2006. Windows XP: Using Windows Firewall. http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx. (Basic how-to information.)
Yegulalp, S. 2006. "Safety First: Five Firewalls For Your Desktop PC". TechWeb. http://www.techweb.com/showArticle.jhtml?articleID=161000001. (Review of five products, including Zone Alarm and Windows Personal Firewall.)

Home

Last updated October 31, 2007.
This page maintained by Prof. Tim Craven
E-mail (text/plain only): craven@uwo.ca
Faculty of Information and Media Studies
University of Western Ontario,
London, Ontario
Canada, N6A 5B7